Knowledge Center

ePolicy Orchestrator installation and update checklist for known issues
Technical Articles ID:   KB71825
Last Modified:  6/11/2019


McAfee ePolicy Orchestrator (ePO) 5.x


The following is a checklist for known issues with full product installations and updates for ePO.

IMPORTANT: You must follow each step in this document exactly as it appears, to reduce the chance of an upgrade or migration failure.

Click to expand the section you want to view:
Review the supported upgrade paths for ePO
See KB51569 for a list of supported upgrade paths.

Review the product or update release notes for new features
Click here for a list of ePO release notes.

Review the product or update known issues articles
To understand both general known issues and upgrade-related known issues, review all relevant articles. Click here for a list of ePO known issues articles.

Back up your ePO server
For information, see KB66616 and follow the steps in the "Backing up the ePO server" section.

Perform the following steps on servers that have ePO installed.

Ensure that the ePO server has enough hard disk space for the upgrade:
  • System temp drive: Requires 2 GB or more of free disk space.
  • ePO installation drive: Could require up to three times the size of the McAfee\ePolicy Orchestrator folder or 20 GB, whichever is greater.

    NOTE: If the ePO server is installed on the same drive as the system temp folder, and the ePO installation directory is 15 GB in size, the required available hard disk space in the C drive is more than 45 GB. This space is needed to account for the system temp folder. In that scenario, you would need 15 GB X 3 + 2 GB = 47 GB of free space. In the same scenario, if the ePO installation directory is 2 GB in size, the minimum size requirement means that the drive must have 20 GB + 2 GB = 22 GB of free space.

(Optional) Reduce the drive space requirement by purging log files and temp files from the ePO installation directory, before you upgrade:
  1. Stop the ePO services:
    1. Press Windows+R, type services.msc, and click OK.
    2. Right-click the following services and select Stop:

      McAfee ePolicy Orchestrator x.x.x Application Server
      McAfee ePolicy Orchestrator x.x.x Server
      McAfee ePolicy Orchestrator x.x.x Event Parser
  2. Delete the files in the following folders:
    IMPORTANT: Do not delete the folders. Delete only the files in these folders.
    • <epo_installation_directory>\Server\Temp
    • <epo_installation_directory>\Server\Logs
    • <epo_installation_directory>\DB\Logs
    • <epo_installation_directory>\Apache2\Logs
  3. Remove any backup files and folders that might have been manually created anywhere in the install directory of ePO to outside of the install directory.
  4. Start the ePO services:
    1. Press Windows+R, type services.msc, and click OK.
    2. Right-click the following services and click Start:

      McAfee ePolicy Orchestrator x.x.x Application Server
      McAfee ePolicy Orchestrator x.x.x Server
      McAfee ePolicy Orchestrator x.x.x Event Parser
Disable run immediately client tasks:
When the McAfee Agent extension is upgraded in ePO, previously executed tasks that are configured to "Run Immediately" execute again on the next agent-server communication. This action can cause various products to be redeployed to clients. To prevent this issue, before you upgrade, disable any tasks configured to "Run Immediately." For more information, see KB74420.

Disable ePO server tasks and any Windows scheduled tasks that might be set to run on the ePO server:
Disable any tasks that would interfere with the installation, such as purge events, pull tasks, and replication tasks. If you are using Drive Encryption, it is important to disable all LDAP Sync tasks before you initiate the upgrade of the ePO server. Ensure that there are no LDAP Sync tasks running. If any are running, wait for them to complete. For more information, see KB84690.

For information about editing tasks, see the "Server Tasks" section of the product guide for your current version of ePO:
  • PD27630 ePolicy Orchestrator 5.10 Product Guide
  • PD26914ePolicy Orchestrator 5.9 Product Guide
  • PD25504ePolicy Orchestrator 5.3 Product Guide
Disable Windows updates:
To ensure that they do not interfere with your ePO installation or upgrade, disable Windows updates. For more information, see https://support.microsoft.com/en-us/help/12373/windows-update-faq.

Disable third-party software:
  • Disable any software that automatically restarts services on your ePO server. This step includes disabling monitoring software, such as Microsoft System Center Operations Manager, that might affect the ePO services starting and stopping during the installation or upgrade.
  • Disable any third-party security software that could potentially introduce permissions issues.
Ensure that the 8.3 naming convention is enabled:
The 8.3 naming convention must be enabled on the drive where ePO is going to be installed. For instructions to enable the 8.3 naming convention, see Solution 1 in KB51431.

Custom Indexes:
If there are any custom indexes created, review KB73614 because these indexes need to be removed before you try an upgrade.

Other considerations:
Ensure that there are no shared folders, desktop shortcuts, mapped drives, or any other open connections to anywhere in the ePO install directory, to prevent any file locking issues.

Run the following steps using SQL Management Studio:
  1. Click Start, Programs, Microsoft SQL Server, and select SQL Server Management Studio.
  2. Verify the SQL instance that ePO is using.

    Perform either of the following to verify the SQL instance that ePO is using:
    • Check the SQL Server service name by opening services.msc:
      Example: SQL Server (SQLEXPRESS)
    • Run the following query in SQL Server Management Studio:

      select @@servername

  3. Ensure correct account permissions.

    The account used to access the SQL Server must have the following permissions:
    • Default database must be master:
      1. Expand Security, Logins.
      2. Right-click the account and select Properties.
      3. Ensure that the default database is set to Master.
      4. Expand User Mapping and ensure that the account has dbo in the schema for the database.
    • This account must be the db_owner in the database security properties:
      1. Expand Databases, your ePO database, Security, Users.
      2. Right-click the dbo account and select Properties.
      3. Ensure that the account has dbo in the Default schema for the database.

        If you use an NT account to authenticate to the ePO database, ensure that the account has Local Admin rights on the ePO server.

        See KB75766 for detailed information about the required SQL permissions.
  4. Verify the Database Options Properties:
    1. Right-click the ePO database and select Properties.
    2. Select Options on the properties page.
    3. Verify that the correct DB collation is set on the SQL Server.

      See KB73717 for detailed information about supported collation types for ePO.
    4. Ensure that the Compatibility level is set to 100 or higher for the ePO database.

      Click Options and ensure that Compatibility level is set to 100 rather than 80 or 90. If it is not, select 100 from the Compatibility level drop-down list and click OK.
    5. Ensure that Auto Close is set to False.

      If it is not, click Auto Close, select False, and click OK.
    6. Ensure Arithmetic Abort Enabled is set to True.

      If it is not, click Arithmetic Abort Enabled, select True, and click OK.
  5. Disable SQL database mirroring or Always on, if it is used.

    See KB86152 for detailed information about how to verify if it is enabled.
  6. Disable any third-party Security Information and Event Management (SIEM) or other software that is connected to the ePO database for querying events, or any other reason.

Perform the following steps on the server hosting the ePO Database:
  1. Ensure that the SQL browser service is running:
    1. Press Windows+R, type services.msc, and click OK.
    2. Locate the SQL Server Browser service and ensure that it is started and running.

      If it is not, right-click the SQL Server Browser service and click Start.
  2. Ensure that Microsoft KB 2653857 is applied on the SQL Server. If that is not possible, disable SQL Force Encryption before you upgrade (if it is enabled):
    1. Click Start, All Programs, Configuration Tools, SQL Server Configuration Manager.
    2. Right-click Protocols for <instance_name> (MSSQLSERVER by default) under SQL Server Network Configuration, and click Properties.
    3. Click the Force Encryption drop-down list and select No.
    4. Click OK.
In a pure IPv6 environment, ensure that only IPv6 is enabled on the SQL Server that hosts the ePO database.

Ensure that the ePO database has enough space for the upgrade:
It is recommended for the ePO database to have 1.5 GB to 2 GB of free space for an upgrade. If you are using SQL Server Express, which supports a maximum of 10 GB, upgrade to SQL Server if the existing ePO database is 8 GB or more in size.

Eliminate unprocessed events:
Ensure that the DB\Events folder (including Debug) is empty or has minimal events stored before the upgrade. During the upgrade, this folder is scanned and if there are more than 10,000 events that are not processed yet, it interrupts the upgrade with a pop-up message stating: "This ePolicy Orchestrator server has more than 10,000 unprocessed events, which might cause the upgrade process to take an exceptionally long amount of time".

Back to Top


  • Ensure that the ePO administrator and SQL account user names and passwords meet the criteria described in KB66286.
  • Perform a preventative measure to avoid Tomcat failing to stop.

    NOTE: Perform this procedure only when you are ready to start the installation:
    1. Press Windows+R, type services.msc, and then click OK.
    2. Stop the ePolicy Orchestrator Server Service and ePolicy Orchestrator Event Parser Service.
    3. Restart the ePolicy Orchestrator Application Server Service.
    4. Make sure that clients systems can send events back to the ePolicy Orchestrator.

      There are two ways to obtain the standard EICAR test file:

      • Download the file directly from www.eicar.org.
      • For information about how to use the EICAR anti-malware test file with McAfee products, see KB59742.
    5. If the On-Access Scanner is functioning correctly, it is detected as malware
    6. Open McAfee Agent Status Monitor and click Send Events.
    7. In the ePolicy Orchestrator Console, go to MenuReporting, Threat Event Log, and see if the EICAR detection was successfully received.
  • Back up your ePO server. See KB66616 for detailed steps.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.